I can totally understand this perspective and it's why I do want to explore serverside rendering.

But it does mean a tradeoff in this case, espescially once I support logins.

With the thick client approach, the logins I plan to use happen entirely client-side and your password is never transfered to the server at all.

This isn't possible with static web pages, you have to trust the web frontend you use to not steal your password.

That's just one example, but there are others.

Right now to the nodes it is much more difficult for a node to tell who is reading what (once the app is running) than if requests were coming in through a traditional url structure for every request.

The whole point of nab is putting as much choice as possible in the hands of end users and I do hope to eventually give users the option to make the above trade-offs as desired if someone else doesn't beat me to it.